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AMENDMENTS TO THE CLAIMS 

Listing of claims: 

I. (Currently Amended) A key distribution method applied in the Next Generation Network 
comprising a terminal, a soft switch and an authentication center, comprising: 

the terminal sending a registration request message to the soft switch for a registration; 

the soft switch sending the an authentication request message to the authentication center 
for the authentication for the terminal; and 

the authentication center authenticating the terminal, generating a session key for the 
terminal and the soft switch, and upon a succe ss- fill -registration authentication, sending the session 
key to the soft switch, so as to be distributed to the terminal upon a successful authentication; 

wherein the step of the authenticat ion center authenticating the terminal comprises: 

the authentication center generating a first verification word for the terminal according to a 
key Kc shared with the terminal, encrypting the session key with the shared key Kc, and returning 
the encrypted session key and the first verification word to the soft switch; 

the soft switch returning a registration failure response message to the terminal to notify the 
terminal of a registration failure; 

the terminal generating a second verification word according to the key Kc shared with the 
authentication center, and sending a registration message containing the second verification word 
to the soft switch for a registratio n a gain; and 

the soft switch authenticating the terminal according to the first verification wo rd and the 
second verification word . 

2. (Canceled) 
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3. (Currently Amended) The key distribution method according to claim 2 claim 1 , wherein the 
step of the soft switch distributing the session key to the terminal comprises: 

the soft switch returning to the terminal a registration success response message containing 
the session key encrypted with the shared key Kc, and sending a terminal authentication success 
message to the authentication center; and 

the terminal decrypting the session key encrypted by the authentication center according to 
the shared key Kc. 

4. (Previously Presented) The key distribution method according to claim 3, wherein the method 
further comprises: 

the terminal sending to the soft switch a list of security mechanisms supported by the 
terminal and priority information of each security mechanism; 

the soft switch choosing an appropriate security mechanism for communication according 
to the list of security mechanisms and the priority information of each security mechanism of the 
terminal. 

5. (Currently Amended) The key distribution method according to claim 1, 

wherein the registration request message and the registration message are SIP protocol 
registration messages, and the registration failure response message is a SIP protocol response 
message,^and- the registration success respo nee- m e s sa- ge- is -a SIP - ■ protocol registration request 
success message ; or 
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wherein the registration request message is a system restart message and a corresponding 
response message in the MGCP protocol, the registration failure response message and the 
f^i^ral4e^s^ee^s^'e^?ens«-iiiesKige^r-eJs a notification request message and a corresponding 
response message in the MGCP protocol, and the registration message comprises a notification 
message and a corresponding response message in the MGCP protocol; or 

wherein the registration request message comprises a system service status change message 
and a corresponding response message in the H.248 protocol, the registration failure response 
message- and the registratio n-su ccess r esp onse message are is an attribute modification message 
and a corresponding response message in the H.248 protocol, and the registration message 
comprises a notification message and a corresponding response message in the H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the H.323 
protocol, the registration failure response message is a gatekeeper rejection message in the H.323 
protocol, and the registration message is a registration request message in the H.323 protocoL-and 
the registration success response message is a registration success message in the H.323 pr otocol. 

6. (Canceled) 

7. (Previously Presented) The key distribution method according to claim 3, 

wherein the registration request message and the registration message are SIP protocol 
registration messages, the registration failure response message is a SIP protocol response 
message, and the registration success response message is a SIP protocol registration request 
success message; or 
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wherein the registration request message is a system restart message and a corresponding 
response message in the MGCP protocol, the registration failure response message and the 
registration success response message are a notification request message and a corresponding 
response message in the MGCP protocol, and the registration message comprises a notification 
message and a corresponding response message in the MGCP protocol; or 

wherein the registration request message comprises a system service status change message 
and a corresponding response message in the H.248 protocol, the registration failure response 
message and the registration success response message are an attribute modification message and a 
corresponding response message in the H.248 protocol, and the registration message comprises a 
notification message and a corresponding response message in the H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the H.323 
protocol, the registration failure response message is a gatekeeper rejection message in the H.323 
protocol, the registration message is a registration request message in the H.323 protocol, and the 
registration success response message is a registration success message in the H.323 protocol. 

8. (Previously Presented) The key distribution method according to claim 4, 

wherein the registration request message and the registration message are SIP protocol 
registration messages, the registration failure response message is a SIP protocol response 
message, and the registration success response message is a SIP protocol registration request 
success message; or 

wherein the registration request message is a system restart message and a corresponding 
response message in the MGCP protocol, the registration failure response message and the 
registration success response message are a notification request message and a corresponding 
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response message in the MGCP protocol, and the registration message comprises a notification 
message and a corresponding response message in the MGCP protocol; or 

wherein the registration request message comprises a system service status change message 
and a corresponding response message in the H.248 protocol, the registration failure response 
message and the registration success response message are an attribute modification message and a 
corresponding response message in the H.248 protocol, and the registration message comprises a 
notification message and a conesponding response message in the H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the H.323 
protocol, the registration failure response message is a gatekeeper rejection message in the H.323 
protocol, the registration message is a registration request message in the H.323 protocol, and the 
registration success response message is a registration success message in the H.323 protocol. 

9. (Currently Amended) A key distribution method applied in the Next Generation Network 
comprising a terminal, a signaling proxy, a soft switch and an authentication center, comprising: 

the terminal sending a registration request message through the signaling proxy to the soft 
switch for a registration; 

the soft switch sending the an authentication request message to the authentication center 
for the authentication for the terminal; and 

the authentication center authenticating the terminal, generating a session key for the 
terminal and the signaling proxy, and upon a suc ces sful registration authentication, sending the 
session key to the soft switch, so as to be distributed through the signaling proxy to the terminal 
u pon a successful authentication; 

wherein the step of th e authen tication center authenticating the terminal comprises: 



83798 vl/4202.02600 



6 



Atty. Docket: 4202-02600 



the authentication center ge nerating a first verification word for the terminal according to a 
key Kc shared w it h the terminal a nd a key Ksp shared with the signaling p ro xy, encrypting the 
session key r es pectively with the shared key K g and the shared key Ksp, and relum ing the 
encry pted session key and the fir st veri fication word to the soft switch; 

the soft sw i tch returnin g a re gistration failur e res ponse message th ro ugh the signaling 
proxy to the te r minal to noti fy the t erminal of a reg ist ration failure; 

the termina l generating a second verification word according to the key Kx shared with the 
authentication center, and sending a r egistratio n message containing the second verification w ord 
to the signaling proxy to b e forwarded to the soft switch for a registration again; and 

the soft switch authenticating the terminal according to the first verification word and the 
second verification wor d. 

10. (Canceled) 

1 1 . (Currently Amended) The key distribution method according to claim 10 claim 9 . wherein the 
step of the soft switch distributing the session key to the terminal comprises: 

the soft switch forwarding to the signaling proxy a terminal registration success response 
message containing the session key encrypted by the authentication center respectively with the 
shared keys Kc and Ksp, and the signaling proxy decrypting with the shared key Ksp the session 
key encrypted by the authentication center with the shared key Ksp, calculating a message 
verification word for the registration success response message with the decrypted session key, and 
forwarding to the terminal the registration success response message containing the message 
verification word and the session key encrypted with the shared key Kc; and 
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the terminal decrypting the session key encrypted by the authentication center according to 
the shared key Kc, and authenticating with the decrypted session key the message authentication 
word of the message returned from the signaling proxy so as to authenticate an identity of the 
signaling proxy, an integrity of the message and whether security mechanism parameters of the 
terminal returned from the signaling proxy are correct. 

12. (Previously Presented) The key distribution method according to claim 11, wherein the 
method further comprises: 

the terminal sending to the signaling proxy a list of security mechanisms supported by the 
terminal and priority information of each security mechanism, and the signaling proxy choosing an 
appropriate security mechanism for communication according to the security mechanisms 
supported by the terminal and the priority information of each security mechanism. 

13. (Currently Amended) The key distribution method according to claim 9, 

wherein the registration request message and the registration message are SIP protocol 
registration messages, and the registration failure response message is a SIP protocol response 
message, and the r e gistration success r e s po nse me s sage is a SIP protocol registration request 
success mes sa ge ; or 

wherein the registration request message comprises a system restart message and a 
corresponding response message in the MGCP protocol, the registration failure response message 
and the registration success response message are is a notification request message and a 
corresponding response message in the MGCP protocol, and the registration message comprises a 
notification message and a corresponding response message in the MGCP protocol; or 
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wherein the registration request message comprises a system service status change message 
and a corresponding response message in the H.248 protocol, the registration failure response 
message-artd-4he-*egi54fahen-^ an attribute modification message 

and a corresponding response message in the H.248 protocol, and the registration message 
comprises a notification message and a corresponding response message in the H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the H.323 
protocol, the registration failure response message is a gatekeeper rejection message in the H.323 
protocol, and the registration message is a registration request message in the H.323 protocol^and 
the r egi s tration - s uc ce s s response message is -a-r egistrati on-sa cccss message in the H t- 323 protoc ol . 

14. (Canceled) 

15. (Previously Presented) The key distribution method according to claim 11, 

wherein the registration request message and the registration message are SIP protocol 
registration messages, the registration failure response message is a SIP protocol response 
message, and the registration success response message is a SIP protocol registration request 
success message; or 

wherein the registration request message comprises a system restart message and a 
corresponding response message in the MGCP protocol, the registration failure response message 
and the registration success response message are a notification request message and a 
corresponding response message in the MGCP protocol, and the registration message comprises a 
notification message and a corresponding response message in the MGCP protocol; or 
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wherein the registration request message comprises a system service status change message 
and a corresponding response message in the H.248 protocol, the registration failure response 
message and the registration success response message are an attribute modification message and a 
corresponding response message in the H.248 protocol, and the registration message comprises a 
notification message and a corresponding response message in the H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the H.323 
protocol, the registration failure response message is a gatekeeper rejection message in the H.323 
protocol, the registration message is a registration request message in the H.323 protocol, and the 
registration success response message is a registration success message in the H.323 protocol. 

16. (Previously Presented) The key distribution method according to claim 12, 

wherein the registration request message and the registration message are SIP protocol 
registration messages, the registration failure response message is a SIP protocol response 
message, and the registration success response message is a SIP protocol registration request 
success message; or 

wherein the registration request message comprises a system restart message and a 
corresponding response message in the MGCP protocol, the registration failure response message 
and the registration success response message are a notification request message and a 
corresponding response message in the MGCP protocol, and the registration message comprises a 
notification message and a corresponding response message in the MGCP protocol; or 

wherein the registration request message comprises a system service status change message 
and a corresponding response message in the H.248 protocol, the registration failure response 
message and the registration success response message are an attribute modification message and a 
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corresponding response message in the H.248 protocol, and the registration message comprises a 
notification message and a corresponding response message in the H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the H.323 
protocol, the registration failure response message is a gatekeeper rejection message in the H.323 
protocol, the registration message is a registration request message in the H.323 protocol, and the 
registration success response message is a registration success message in the H.323 protocol. 

17.-18. (Canceled) 

19. (New) A key distribution system applied in the Next Generation Network comprising: 

a terminal adapted to send a registration request message for a registration; 

a soft switch adapted to receive the registration request message sent from the terminal and 
sent an authentication request message for the authentication for the terminal; and 

an authentication center adapted to receive the authentication request message sent from the 
soft switch, to authenticate the terminal, to generate a session key for the terminal and the soft 
switch, and to send the session key to the soft switch so as to be distributed to the terminal upon a 
successful authentication; 

wherein the authentication center is further to adapted to generate a first verification word 
for the terminal according to a key Kc shared with the terminal, to encrypt the session key with the 
shared key Kc, and to return the encrypted session key and the first verification word to the soft 
switch; 
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wherein the soft switch is further to adapted to return a registration failure response 
message to the terminal to notify the terminal of a registration failure, and to authenticate the 
terminal according to the first verification word and a second verification word; and 

wherein the terminal is further to adapted to generate the second verification word 
according to the key Kc shared with the authentication center, and to send a registration message 
containing the second verification word to the soft switch for a registration again. 

20. (New) A key distribution system applied in the Next Generation Network comprising: 
a terminal adapted to send a registration request message for a registration; 
a signaling proxy adapted to forward the registration request message from the terminal, 

and to distribute a session key to the terminal; 

a soft switch adapted to receive the registration request message sent from the terminal 

through the signaling proxy and sent an authentication request message for the authentication for 

the terminal; and 

an authentication center adapted to receive the authentication request message sent from the 
soft switch, to authenticate the terminal, to generate the session key for the terminal and the 
signaling proxy, and to send the session key to the soft switch so as to be distributed through the 
signaling proxy to the terminal upon a successful authentication; 

wherein the authentication center is further adapted to generate a first verification word for 
the terminal according to a key Kc shared with the terminal and a key Ksp shared with the 
signaling proxy, to encrypt the session key respectively with the shared key Kc and the shared key 
Ksp, and to return the encrypted session key and the first verification word to the soft switch; 



83798 vl/4202.02600 



12 



Atty. Docket: 4202-02600 

wherein the soft switch is further adapted to return a registration failure response message 
through the signaling proxy to the terminal to notify the terminal of a registration failure, and to 
authenticate the terminal according to the first verification word and a second verification word; 
and 

wherein the terminal is further adapted to generate the second verification word according 
to the key Kc shared with the authentication center, and to send a registration message containing 
the second verification word to the signaling proxy to be forwarded to the soft switch for a 
registration again. 
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